Revision as of 15:24, 21 November 2013

Unified Extensible Firmware Interface (or UEFI for short) is a new type of firmware that was initially designed by Intel (known as EFI then) mainly for its Itanium based systems. It introduces new ways of booting an OS that is distinct from the commonly used "MBR boot code" method followed for BIOS systems. It started as Intel's EFI in versions 1.x and then a group of companies called the UEFI Forum took over its development from which it was called Unified EFI starting with version 2.0. As of 24 July 2013, UEFI Specification 2.4 (released July 11, 2013) is the most recent version.

Note:

This page explains What is UEFI and UEFI support in Linux kernel. It does not describe setting up UEFI Boot Loaders. For that information see Boot Loaders.

Unless specified as EFI 1.x, EFI and UEFI terms are used interchangeably to denote UEFI 2.x firmware. Also unless stated explicitly, these instructions are general and some of them may not work or may be different in Apple Macs. Apple's EFI implementation is neither a EFI 1.x version nor UEFI 2.x version but mixes up both. This kind of firmware does not fall under any one (U)EFI specification and therefore is not a standard UEFI firmware.

A BIOS or Basic Input-Output System is the very first program (firmware) that is executed once the system is switched on. In most cases it is stored in a flash memory in the motherboard itself and independent of the system storage. BIOS launches the first 440 bytes (Master Boot Record) of the first disk in the BIOS disk order. Since very little can be achieved by a program that fits into the 440-byte boot code area, usually a common boot loader like GRUB or Syslinux or LILO would be loaded by the BIOS, and it would load an operating system by either chain-loading or directly loading the kernel. See Arch Boot Process for more details.

UEFI has support for reading both the partition table as well as understanding filesystems. Hence it is not limited by 440 byte code limitation (MBR boot code) as in BIOS systems. It does not use the MBR boot code at all.

The commonly used UEFI firmwares support both MBR and GPT partition table. EFI in Apple-Intel Macs are known to also support Apple Partition Map besides MBR and GPT. Most UEFI firmwares have support for accessing FAT12 (floppy disks), FAT16 and FAT32 filesystems in HDDs and ISO9660 (and UDF) in CD/DVDs. EFI in Intel Macs can also access HFS/HFS+ filesystems, in addition to the mentioned ones.

UEFI does not launch any boot code in the MBR whether it exists or not. Instead it uses a special partition in the partition table called EFI System Partition in which files required to be launched by the firmware are stored. Each vendor can store its files under <EFI SYSTEM PARTITION>/EFI/<VENDOR NAME>/ folder and can use the firmware or its shell (UEFI shell) to launch the boot program. An EFI System Partition is usually formatted as FAT32 or (less commonly) FAT16.

Under UEFI, every program whether it is an OS loader or a utility (e.g. a memory testing app or recovery tool), should be a UEFI Application corresponding to the EFI firmware bitness/architecture. The vast majority of UEFI firmwares, including recent Apple Macs, use x86_64 EFI firmware. The only known devices that use IA32 (32-bit) EFI are older (pre 2008) Apple Macs, some Intel Cloverfield ultrabooks and some older Intel Server boards are known to operate on Intel EFI 1.10 firmware.

An x86_64 EFI firmware does not include support for launching 32-bit EFI apps (unlike x86_64 Linux and Windows versions which include such support). Therefore the UEFI application must be compiled for that specific firmware processor bitness/architecture.

Boot Process under UEFI

Firmware then reads its Boot Manager data to determine which UEFI application to be launched and from where (i.e. from which disk and partition).

Firmware then launches the UEFI application as defined in the boot entry in the firmware's boot manager.

The launched UEFI application may launch another application (in case of UEFI Shell or a boot manager like rEFInd) or the kernel and initramfs (in case of a boot loader like GRUB) depending on how the UEFI application was configured.

Note: On some UEFI systems the only possible way to launch UEFI application on boot (if it does not have custom entry in UEFI boot menu) is to put it in this fixed location: <EFI SYSTEM PARTITION>/EFI/boot/bootx64.efi (for 64-bit x86 system)

Multibooting in UEFI

Since each OS or vendor can maintain its own files within the EFI System Partition without affecting the other, multi-booting using UEFI is just a matter of launching a different UEFI application corresponding to the particular OS's bootloader. This removes the need for relying on chainloading mechanisms of one boot loader to load another to switch OSes.

Booting Microsoft Windows

64-bit Windows Vista (SP1+), Windows 7 and Windows 8 versions support booting using x86_64 EFI firmware. Windows forces type of partitioning depending on the firmware used, i.e. if Windows is booted in UEFI mode, it can be installed only to a GPT disk. If the Windows is booted in Legacy BIOS mode, it can be installed only to a MBR disk. This is a limitation enforced by Windows installer. Thus Windows supports either UEFI-GPT boot or BIOS-MBR boot only, not UEFI-MBR or BIOS-GPT boot.

Such a limitation is not enforced by the Linux kernel, but can depend on how the bootloader is configured. The Windows limitation should be considered if the user wishes to boot Windows and Linux from the same disk, since setting up the bootloader itself depends on the firmware type and disk partitioning used. In case where Windows and Linux dual boot from the same disk, it is advisable to follow the method used by Windows, either go for UEFI-GPT boot or BIOS-MBR boot only, not the other two cases.

32-bit Windows versions only support BIOS-MBR booting. So, in case of Linux and 32-bit Windows booting from the same disk, the disk has to use MBR. See http://support.microsoft.com/kb/2581408 for more info.

Detecting UEFI Firmware bitness

Non Macs

Check whether the dir /sys/firmware/efi exists, if it exists it means the kernel has booted in EFI mode. In that case the UEFI bitness is same as kernel bitness. (ie. i686 or x86_64)

Note: Intel Atom System-on-Chip systems ship with 32-bit UEFI (as on 2 November 2013). See this page for more info.

Apple Macs

To find out the arch of the efi firmware in a Mac, type the following into the Mac OS X terminal:

ioreg -l -p IODeviceTree | grep firmware-abi

If the command returns EFI32 then it is IA32 (32-bit) EFI firmware. If it returns EFI64 then it is x86_64 EFI firmware. Most of the Macs do not have UEFI 2.x firmware as Apple's EFI implementation is not fully compliant with UEFI 2.x Specification.

Linux Kernel Config options for UEFI

UEFI Runtime Variables Support (efivarfs filesystem - /sys/firmware/efi/efivars). This option is important as this is required to manipulate UEFI Runtime Variables using tools like /usr/bin/efibootmgr. The below config option has been added in kernel 3.10 and above.

UEFI Variables

UEFI defines variables through which an operating system can interact with the firmware. UEFI Boot Variables are used by the boot-loader and used by the OS only for early system start-up. UEFI Runtime Variables allow an OS to manage certain settings of the firmware like the UEFI Boot Manager or managing the keys for UEFI Secure Boot Protocol etc. You can get the list using

Inconsistency between efivarfs and sysfs-efivars

Enabling both OLD sysfs-efivars and NEW efivarfs can cause data inconsistency issues (see See https://lkml.org/lkml/2013/4/16/473 for more info). Due to this OLD sysfs-efivars is completely disabled in Arch's official kernels (since core/linux-3.11 and core/linux-lts-3.10) and only NEW efivarfs is enabled/supported going forward. All the UEFI Variables related tools and utilities in official repositories support efivarfs as of 01 October 2013.

Note: As a side-effect of disabling OLD sysfs-efivars, efi_pstore module is also disabled in the official Arch kernels as EFI pstore functionality in the kernel depends of OLD sysfs-efivars support.

If you have both interfaces enabled, you need to disable one of them, and disable and re-enable the other interface (to refresh the data, to prevent inconsistencies) before accessing the EFI VAR data using any userspace tool:

If EFI Variables support does not work even after the above conditions are satisfied, try the below workarounds:

If any userspace tool is unable to modify efi variables data, check for existence of /sys/firmware/efi/efivars/dump-* files. If they exist, delete them, reboot and retry again.

If the above step does not fix the issue, try booting with efi_no_storage_paranoia kernel parameter to disable kernel efi variable storage space check that may prevent writing/modification of efi variables.

Note:efi_no_storage_paranoia should only be used when needed and should not be left as a normal boot option. The effect of this kernel command line parameter turns off a safeguard that was put in place to help avoid the bricking of machines when the NVRAM gets too full.

Mount efivarfs

If efivarfs is not automatically mounted at /sys/firmware/efi/efivars by systemd during boot, then you need to manually mount it to expose UEFI Variable support to the userspace tools like efibootmgr etc.:

# mount -t efivarfs efivarfs /sys/firmware/efi/efivars

Note: The above command should be run both OUTSIDE (BEFORE) and INSIDE chroot, if any.

It is also a good idea to auto-mount efivarfs during boot via /etc/fstab as follows:

efibootmgr

Warning:

Using efibootmgr in Apple Macs may brick the firmware and may need reflash of the motherboard ROM. There have been bug reports regarding this in Ubuntu/Launchpad bug tracker. Use bless command alone in case of Macs. Experimental "bless" utility for Linux by Fedora developers - mactel-bootAUR.

Note:

If efibootmgr completely fails to work in your system, you can reboot into UEFI Shell v2 and use bcfg command to create a boot entry for the bootloader.

If you are unable to use efibootmgr, some UEFI BIOSes allow users to directly manage uefi boot options from within the BIOS. For example, some ASUS BIOSes have a "Add New Boot Option" choice which enables you to select a local EFI System Partition and manually enter the EFI stub location. (for example \EFI\refind\refind_x64.efi).

Upstream efibootmgr http://linux.dell.com/git/efibootmgr.git does not support efivarfs. However vathpela's efibootmgr supports efivarfs and is currently used in official efibootmgr pkg. sysfs-efivars is also completely disabled in official Arch kernel and it supports only efivarfs. This section is written with the assumtion that you are using only efivarfs and vathpela's efibootmgr.

Assuming the boot-loader file to be launched is /boot/efi/EFI/refind/refind_x64.efi, /boot/efi/EFI/refind/refind_x64.efi can be split up as /boot/efi and /EFI/refind/refind_x64.efi, wherein /boot/efi is the mountpoint of the EFI System Partition, which is assumed to be /dev/sdXY (here X and Y are just placeholders for the actual values - eg:- in /dev/sda1 , X==aY==1).

To determine the actual device path for the EFI System Partition (assuming mountpoint /boot/efi for example) (should be in the form /dev/sdXY), try :

In the above command /boot/efi/EFI/refind/refind_x64.efi translates to /boot/efi and /EFI/refind/refind_x64.efi which in turn translate to drive /dev/sdX -> partition Y -> file /EFI/refind/refind_x64.efi.

The 'label' is the name of the menu entry shown in the UEFI boot menu. This name is user's choice and does not affect the booting of the system. More info can be obtained from efibootmgr GIT README .

FAT32 filesystem is case-insensitive since it does not use UTF-8 encoding by default. In that case the firmware uses capital 'EFI' instead of small 'efi', therefore using \EFI\refind\refindx64.efi or \efi\refind\refind_x64.efi does not matter (this will change if the filesystem encoding is UTF-8).

EFI System Partition

The EFI System Partition (also called ESP or EFISYS) is a FAT32 formatted physical partition (in the main partition table of the disk, not LVM or software raid etc.) from where the UEFI firmware launches the UEFI bootloader and application. It is a OS independent partition that acts as the storage place for the EFI bootloaders and applications which the firmware launches them. It is mandatory for UEFI boot. It should be marked as EF00 or ef00 type code in gdisk, or boot flag in case of GNU Parted (only for GPT disk). It is recommended to keep ESP size at 512 MiB although smaller/larger sizes are fine (smaller sizes provided it is higher than the minimum FAT32 FS partition size limit (as mandated by FAT32 specification from Microsoft). For more info visit link.

Note:

It is recommended to use always GPT for UEFI boot as some UEFI firmwares do not allow UEFI-MBR boot.

In GNU Parted, boot flag (not to be confused with legacy_boot flag) has different effect in MBR and GPT disk. In MBR disk, it marks the partition as active. In GPT disk, it changes the type code of the partition to EFI System Partition type. Parted has no flag to mark a partition as ESP in MBR disk (this can be done using fdisk though).

Microsoft documentation noted the ESP size: For Advanced Format 4K Native drives (4-KB-per-sector) drives, the minimum size is 260 MB, due to a limitation of the FAT32 file format. The minimum partition size of FAT32 drives is calculated as sector size (4KB) x 65527 = 256 MB. Advanced Format 512e drives are not affected by this limitation, because their emulated sector size is 512 bytes. 512 bytes x 65527 = 32 MB, which is less than the 100 MB minimum size for this partition. From: http://technet.microsoft.com/en-us/library/hh824839.aspx#DiskPartitionRules

In case of EFISTUB, the kernels and initramfs files should be stored in the EFI System Partition. For sake of simplicity, you can also use the ESP as the /boot partition itself instead of a separate /boot partition, for EFISTUB booting.

GPT partitioned disks

Create a partition with partition type ef00 or EF00 using gdisk (from gptfdisk pkg). Then format that partition as FAT32 using mkfs.fat -F32 /dev/<THAT_PARTITION>

(or)

Create a FAT32 partition and in GNU Parted set/activate the boot flag (not legacy_boot flag) on that partition

Note: If you get the message WARNING: Not enough clusters for a 32 bit FAT!, reduce cluster size with mkfs.fat -s2 -F32 ... or -s1, otherwise the partition may be unreadable by UEFI.

MBR partitioned disks

Create a partition with partition type 0xEF using fdisk (from util-linux pkg). Then format that partition as FAT32 using mkfs.fat -F32 /dev/<THAT_PARTITION>

UEFI Shell

The UEFI Shell is a shell/terminal for the firmware which allows launching uefi applications which include uefi bootloaders. Apart from that, the shell can also be used to obtain various other information about the system or the firmware like memory map (memmap), modifyiang boot manager variables (bcfg), running partitioning programs (diskpart), loading uefi drivers, editing text files (edit), hexedit etc.

Shell v2 works best in UEFI 2.3+ systems and is recommended over Shell v1 in those systems. Shell v1 should work in all UEFI systems irrespective of the spec. version the firmware follows. More info at ShellPkg and this mail

Launching UEFI Shell

Few Asus and other AMI Aptio x86_64 UEFI firmware based motherboards (from Sandy Bridge onwards) provide an option called "Launch EFI Shell from filesystem device" . For those motherboards, download the x86_64 UEFI Shell and copy it to your EFI System Partition as <EFI_SYSTEM_PARTITION>/shellx64.efi (mostly /boot/efi/shellx64.efi) .

Systems with Phoenix SecureCore Tiano UEFI firmware are known to have embedded UEFI Shell which can be launched using either F6, F11 or F12 key.

Note: If you are unable to launch UEFI Shell from the firmware directly using any of the above mentioned methods, create a FAT32 USB pen drive with Shell.efi copied as (USB)/efi/boot/bootx64.efi. This USB should come up in the firmware boot menu. Launching this option will launch the UEFI Shell for you.

Important UEFI Shell Commands

UEFI Shell commands usually support -b option which makes output pause after each page. map lists recognized filesystems (fs0, ...) and data storage devices (blk0, ...). Run help -b to list available commands.

bcfg

BCFG command is used to modify the UEFI NVRAM entries, which allow the user to change the boot entries or driver options. This command is described in detail in page 83 (Section 5.3) of "UEFI Shell Specification 2.0" PDF document.

Note:

Users are recommended to try bcfg only if efibootmgr fails to create working boot entries in their system.

UEFI Shell v1 official binary does not support bcfg command. You can download a modified UEFI Shell v2 binary which may work in UEFI pre-2.3 firmwares.

}}

To dump a list of current boot entries:

Shell> bcfg boot dump -v

To add a boot menu entry for rEFInd (for example) as 4th (numbering starts from zero) option in the boot menu:

Shell> bcfg boot add 3 fs0:\EFI\refind\refind_x64.efi "rEFInd"

where fs0: is the mapping corresponding to the EFI System Partition and fs0:\EFI\refind\refind_x64.efi is the file to be launched.

To remove the 4th boot option:

Shell> bcfg boot rm 3

To move the boot option #3 to #0 (i.e. 1st or the default entry in the UEFI Boot menu):

Shell> bcfg boot mv 3 0

For bcfg help text:

Shell> help bcfg -v -b

or:

Shell> bcfg -? -v -b

edit

EDIT command provides a basic text editor with an interface similar to nano text editor, but slightly less functional. It handles UTF-8 encoding and takes care or LF vs CRLF line endings.

To edit, for example rEFInd's refind.conf in the EFI System Partition (fs0: in the firmware)

UEFI Linux Hardware Compatibility

UEFI Bootable Media

Create UEFI bootable USB from ISO

Remove UEFI boot support from ISO

Warning: In the event that UEFI+isohybrid El Torito/MBR really causes problems, it would be better to just UEFI boot using the USB stick instructions in the previous section

Most of the 32-bit EFI Macs and some 64-bit EFI Macs refuse to boot from a UEFI(X64)+BIOS bootable CD/DVD. If one wishes to proceed with the installation using optical media, it might be necessary to remove UEFI support first.

Mount the official installation media and obtain the archisolabel as shown in the previous section.

Troubleshooting

Windows 7 will not boot in UEFI Mode

If you have installed Windows to a different harddisk with GPT partitioning and still have a MBR partitioned harddisk in your computer, then it is possible that the UEFI BIOS is starting it's CSM support (for booting MBR partitions) and therefor Windows will not boot. To solve this merge your MBR harddisk to GPT partitioning or disable the SATA port where the MBR harddisk is plugged in or unplug the SATA connector from this harddisk.

Mainboards with this kind of problem:

Gigabyte Z77X-UD3H rev. 1.1 (UEFI BIOS version F19e)

- UEFI BIOS option for booting UEFI Only does not pretend the UEFI BIOS from starting CSM

USB media gets struck with black screen

This issue can occur either due to KMS issue. Try Disabling KMS while booting the USB.

If the issue is not due to KMS, then it may be due to bug in EFISTUB booting (see [2] and [3] for more information.). Both Official ISO (Archiso) and Archboot iso use EFISTUB (via Gummiboot Boot Manager for menu) for booting the kernel in UEFI mode. In such a case you have to use GRUB as the USB's UEFI bootloader by following the below section.

Using GRUB

Create USB Flash Installation drive as mentioned in link. After that follow the below steps to use GRUB instead of Gummiboot.